19 Indian Websites Defaced By Member of Bangladesh Grey Hat Hackers

Member of Bangladesh Grey Hat Hackers using the codename of V3N7UR3 defaced a total of 19 Indian websites during the weekend.The hacker uploaded the same deface page on each of the websites. At the time of publishing,all the websites were still holding the defacement page.This was posted on their official Facebook page.
List of Websites Defaced: [Click Here!]

Syrian Hacker Defaced Two United Nations Population Fund Websites

Syrian hacker using the codename Dr.SHA6H defaced two United Nations Population Fund Websites. On each website the hacker uploaded the same deface page on which a video of a wounded child was played. Below the video, the following message was written,
At the time of publishing, both websites were still holding the defacement page.
Websites Defaced:

OpMaldives : Anonymous Hackers Want To Penetrate More Maldives Government Websites

On December 20, Anonymous published a video where they explained why they leaked more than 200,000 individuals ID Card numbers. They stated that this was done to show how insecure the Government Authorities are.They added that they will continue to penetrate into government websites to help in improving the security.These websites will not be damaged permanently and they will not harm the infrastructure of Maldives. Below is the video posted on YouTube along with the transcript.
"In a recent press release by Maldives Police, they have singled out Anonymous Maldives as a threat to "citizens of the Maldives".
We have exposed more than a 200,000 thousand National ID Card details on our site "maldives.anonymous.lv" on December 2013. This was done in the interest of making the citizens of the Maldives aware that how insecure our Government Authorities are. We want to make it clear that this was done in no way to threaten any citizens rights. We do not wish to & will never terrorize our nation.
We have found traitors working in the Authorities who claims they are "IT/Security Experts". We call on the Election Comission to fire these traitors and secure our personal information. We will continue to penetrate into Government Websites just to help them improve their security. Sites we penetrate will not be permenantly damaged, nor we will harm the infrastructure of Maldives. We have simply shown how insecure our government is.
Police Authorities claimed that they have taken down our mirror site "maldives.anonymous.lv", but until now we still have our domain and it was never seized and cannot be. Our current mirror is "press.anonymous.lv" as a result of Government censoring our previous mirror "maldives.anonymous.lv". If you cut down one Anon, ten more will join us purely out of anger at your trampling of dissent.
Anonymous does not have leaders. We are not a group, we are not an organization. We are just an idea. We will respond to those who seek to threaten us, even if it's the Government. We understand that our participants have been concerned about the lies spread by Maldives Police Service in their press statement on 21st October 2013.
We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us!

A Christmas Message From Edward Snowden

Edward Snowden, known all over the world today for disclosing secret documents of the NSA made a video on the occasion for Christmas where he talked about privacy. Below is the video and transcript. The video has been deleted on several occasion for copyright breach but we managed to get a copy of it on YouTube.

"Hi. A Merry Christmas.
I'm honored to have a chance to speak with you and your family this year.
Recently, we learned that our governments, working in concert, have created a system of worldwide mass surveillance, watching everything we do.
Great Britain's George Orwell warned us of the danger of this kind of information.
The types of collection in the book - microphones and video cameras, TVs that watch us - are nothing compared to what we have available today.
We have sensors in our pockets that track us everywhere we go.
Think about what this means for the privacy of the average person.
A child born today will grow up with no conception of privacy at all.
They'll never know what it means to have a private moment to themselves; an unrecorded, unanalyzed thought - and that's a problem, because privacy matters.
Privacy is what allows us to determine who we are and who we want to be.
The conversation occurring today will determine the amount of trust we can place, both in the technology that surrounds us, and the government that regulates it.
Together, we can find a better balance.

10 Chinese Sentenced For Hacking World of Warcraft Accounts

Last week, 10 Chinese men were sentenced for hacking and defrauding over 10,000 World of Warcraft accounts. One among them named Chen started buying compromised accounts for $1. He  then proceeded by selling the accumulated gold and gear for about $3 per account. Later he learned how to hijacked WOW accounts and he was hired by another man, Zhu. After receiving several complaints, an investigation was launched and Chen along with his group were arrested. They already stole over 11,500 accounts and earned around $10,800 in profit. Chen was sentenced to 2 years in prison and fined $8000. The others were fined $1000 and will spend less than two years in prison.
Source:[Click Here!]

180+ Websites Defaced By Indian Hacker ShOrTy420

Indian hacker using the codename of ShOrTy420 has defaced a total of 182 website. The hacker who is well known for mass defacement uploaded his usual defacement page on each of the websites where he provided his email address. At the time of publishing, all the websites were still holding the defacement page. A list of all the websites defaced has been provided.
List of Defaced Websites: http://pastebin.com/cfkzrWSL

Beware of Fake Tumblr Unlimited Posts Extension Malware

Last week, researchers from Malwarebytes discovered a malware called "Archive Poster" which is posing as tool that helps to remove posting limitation on Tumblr. The official archive poster team posted a warning message concerning this issue, saying " There is a user going around saying that there is a way to remove post limit. In fact, they are saying that this extension created it. Whatever you do, DO NOT download the file.There is no way to remove the post limit, and there never will be. We are not affiliated with anyone who claims they can."
This malware is designed to harvest usernames and passwords of users and sent to the phishers' server.  We advise our readers not to install anything which is not from an official source. 
A detailed explanation about the malware is available [Click Here!]

Jessica Simpson's Father Twitter Account Hacked

The verified Twitter account of Jessica Simpson' father, Joe Simpson, was hacked and around 40 messages accusing him of child molestation were posted in a very short delay.The hacker even posted "For those who are wondering...my account has not been hacked but as I said I would remove those tweets."
On the 17 of December 2013 Joe Simpson tweeted that he recovered his account. All the messages posted by the hacker were removed.
Source:[Click Here!]

9 British Websites Hacked By Pakistani Hacker

During the weekend, Pakistani hacker using the codename of Khan defaced 9 British websites. Among these, one is a government website (taith.gov.uk). The hacker uploaded the same deface page on each of the website. He stated the reason for this defacement on the page itself.At the time of publishing, all the websites were already restored. Mirrors of how they look during defacement has been provided below.
Message the hacker posted on the defacement page:
"You Dont See My last activiy when i hacked customs russia intelligence website
today i am again with same message uk goverment deciding Ban Hijab for muslim womens what the hell is this! when your womens wear underware and come out of home beaches, road, you said this is freedom ? this is no problem ? but when our ladies , sisters , mothers wear hijab you said this is problem . so you call this justice ? i will fight for our right like a legend till i die .. We Want Freedom For Our Religion. You can kill us but cant kill our idea ! Your All database Deleted! ./#LogOut

Link to websites defaced ad mirrors:

Sub Domain Of National Informatics Center of India Defaced

Last week a sub domain of National Informatics Center of India was defaced by hackers of leets point crew. On the defaced page, they added the logo and picture of leets-point.net website. By the time of publishing, the website was unavailable. Mirror of the defaced page has been provided below.
Message posted on Defaced Page:
[!] www.LeeTs-PoinT.net [!]
root@l337:~[#] uid=0(root) gid=0(root) groups=0(root)
Islam Zindabad , Long Live Muslims , Pakistan Zindabad
Security 0%
Need security???
Contact:~ http://www.leets-point.net
Love To: Dr@cul@ | HeeR | LeeT AttackeR | MerJani | Mj Mirza | D43m0n | TiGER-M@TE | BD XTOR | Sizzling Soul | Pakhtun~72 | Rotating Rotor | Ablaze Ever | m sajawal younas | sharif | DaN1 SpeeDy | Don | Dzhunter | Pk_Tracker | linux_maniac | c0d3-x-1337 | KiLLerMiNd | Kai-Haxor | Muhammad Bilal | Master Mind PCF | S.O.G | Nadan Shehxada | x33k A.K.A v1ruX 4u | Code Cracker | All Pakistani Haxors | All Muslim Haxors | All My Freinds | All BD GREY HAT HACKERS Team | & All LeeTs-PoinT.net Team Members
© UNDERGROUND HACKERs  2010 - 2014
Sub Domain Defaced:

Sentenced For Hacking Medical School Application System

Bosung Shim, a 24 year old man of Rockville, MD, was sentenced to three months in prison, followed by seven months in community confinement and three years of supervised release, for unauthorized access of a protected computer.Adding to this, he was  required to pay $31,653.24 in restitution to the victim and forfeit the computer equipment used in the crime.
He pleaded guilty on October 4, 2013 to one count of computer intrusion. Shim admitted that between June 2011 and December 2012 he repeatedly tried to get unauthorized access to the computer systems of University of Michigan and the Association of American Medical Colleges (AAMC). For six months in 2012, he attempted to change his Medical College Admissions Test scores. When he realized he was unable to hack it, he hired other hackers to do this for him causing tens of thousands of dollars damage.The aspiring medical student is also said to have perpetrated related fraud against other organization, such as the National Institutes of Health.
Source:[Click Here!]

Anonymous Video Statement Regarding Situation In Central African Republic

On 11 December 2013, Anonymous published a video on YouTube in which they talked about the situation regarding Central African Republic.In the video, Anonymous said "We've taken note that an operation would not help this location, nor the taking down/defacement of government websites....We will do everything in our ability to give the people in the Central African Republic, or C.A.R CAR for short, every necessity. " Below is the video and the full transcript.

"Citizens of the globe, we are anonymous. We bring you this urgent message concerning the events in the Central African Republic to light.
We've taken note that an operation would not help this location, nor the taking down/defacement of government websites.
This battleground of a country is not in the brink of chaos, this country has now fallen into chaos.
We will do everything in our ability to give the people in the Central African Republic, or C.A.R CAR for short, every necessity. Water, food, aid supplies is scarce and is being a high necessity to the people.
As of right now, the location is overrun by bloodshed and war, French troops and possible US military soldiers have been deployed and dispatched in the area. We fear these, soldiers are not here to make way for a hopeful path for the people in the Republic. They are there for the sake of oil, minerals and other resources the country is rich on.
Photos and videos are not taken lightly around these parts and the people behind these heinous attacks will make pleasure to make these events, these battles, go unnoticed.
We are doing this for the sake of the people, we could care less about the politics behind it. When innocent, peaceful people get hurt, beaten, abused and tortured..
We act.
Anonymous, is watching.
We are anonymous
We are legion
We never forgive
We never forget

This event is highly under-reported, and anonymous, will not let this go by unnoticed."

Firefox 26 Fixes 14 Vulnerabilities

14 security holes have been patched in the Firefox 26. Among these patches, 5 of them are considered as critical.These are vulnerability that can be used to run attacker code and install software, requiring no user interaction beyond normal browsing, 3 are moderate vulnerabilities and 3 are categorised as high. The remaining are considered to be of low security: "Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs."
We advise our readers to update their Firefox to be more secured.
List of Security Holes addressed in Firefox 26
MFSA 2013-117 Mis-issued ANSSI/DCSSI certificate
MFSA 2013-116 JPEG information leak
MFSA 2013-115 GetElementIC typed array stubs can be generated outside observed typesets
MFSA 2013-114 Use-after-free in synthetic mouse movement
MFSA 2013-113 Trust settings for built-in roots ignored during EV certificate validation
MFSA 2013-112 Linux clipboard information disclosure though selection paste
MFSA 2013-111 Segmentation violation when replacing ordered list elements
MFSA 2013-110 Potential overflow in JavaScript binary search algorithms
MFSA 2013-109 Use-after-free during Table Editing
MFSA 2013-108 Use-after-free in event listeners
MFSA 2013-107 Sandbox restrictions not applied to nested object elements
MFSA 2013-106 Character encoding cross-origin XSS attack
MFSA 2013-105 Application Installation doorhanger persists on navigation
MFSA 2013-104 Miscellaneous memory safety hazards (rv:26.0 / rv:24.2)

Source:[Click Here!]

Women Online Blackmailer Sentenced To 5years

In January, a 27 year old man, Karen “Gary” Kazaryan, was arrested on federal computer hacking charges.He was accused of hacking into several Facebook,Skype and email accounts of different women and blackmailing them. He sent a letter to the U.S. District Judge George H. King on Monday where he said “The lines between digital life and reality were blurred and out of control for me,” He also added that he put the blame of his actions on depression and the use of marijuana. He admitted hacking online accounts and blackmailing several women in sending him nude and semi nude pictures.He was sentenced for 5 years
Once the hacker gained control of the victims accounts,he changed the password,thus, preventing the legitimate users from accessing their accounts. He then searched the emails account for naked or semi naked pictures,as well as files and important information like passwords and friends names.After doing so,he posed himself online as women and fooled the 'friends' in removing their clothes so that he can watch them, or asked them to take pictures of themselves and send it to him.When the victims realized that they were not talking to their so called friend,he would blackmailed them using the photos he already have possession of by making them stripped live for him on camera.
Kazaryan contacted the victims at several occasion asking them to expose their breast on Skype.When they did not comply to his demands,he posted the nude pictures on their respective Facebook pages.The authorities found around 3000 nude and semi-nude pictures on the hackers computer,some taken from their online accounts and other taken by the hacker himself on Skype.

Assistant U.S. Attorney Tracy Wilkison said: “The victims called it rape because it felt like rape,”
Source:[Click Here!]

Android Game Balloon Pop 2 Steals WhatsApp Conversations

Graham Cluley, a veteran of the anti-virus industry has published on his official website about an Android game,Balloon Pop 2, which steals WhatsApp conversation.Google removed the game Balloon Pop 2 from Google Play.The application secretly steals private WhatsApp conversations and upload them to a website.On the website, Balloon Pop 2 is advertised as a program which can back up WhatsApp conversations. No description of the game was given on the website and the people behind this can argue that they are only providing a service for backing up WhatsApp conversation. An attacker can install this application on a device and later on visit the website to see the conversation of the victim.The attacker has to enter the device number he/she targeted and get access to the private conversations.
Source:[Graham Cluley Website]

Beware of Fake Aureus University Recruitment and Liaison Services Email

Experts have discovered a phishing email circulating and pretending to be from Aureus University School of Medicine Admissions Office.The email contains link which leads to a fake website. Cyber criminals behind this scam have used real address and phone number of the university to get more victims.The email content goes as follows,

I believe you are well ! Kindly View the
document I uploaded for you using Google
drive CLICK HERE and sign in securely
to view, It's very Important.


Aureus University School of Medicine
Admissions Office

21-00 Route 208 South

Suite 220

Fairlawn, NJ 07410

Tel: 201-773-8880

When clicking on the link provided, victims are directed to a website identical to that of Google Drive where they are asked to enter their personal information.Once the information are entered,these are sent to the cybercriminals and the victim is redirected to the original Google Drive login page.

We advise our readers to ignore these kind of emails and always check if the websites you are being redirected to is secures(https).

Source:[Click Here!]

Edward Snowden Studied Advanced Hacking In Delhi

Edward Snowden, known all over the world today for disclosing secret documents of the NSA studied core Java programming and advanced ethical hacking in India at Koenig Solutions,in Moti Nagar, New Delhi in 2010.It is this training which helped him in obtaining the EC-Council Certified Security Analyst (ECSA) certification. He came to India from Japan on September 3 and left for the US on the 9.
Rohit Aggarwal, founder and CEO of Koenig Solutions said,"He paid over $2,000 towards his training fee, lodging and boarding,".
The technical manager in information security at the center,Sisir Pandey said, "Snowden was a certified ethical hacker and hence he chose a fast-track course. It didn't take him much time to figure out how to create exploit-attacks and hack wireless networks. He was able to interpret vulnerabilities and outcomes in security testing,"
Snowden exchanged many emails with the training center and it revealed that he had several IT Security certifications,namely, EC-Council's Certified Ethical Hacker (CEH),Microsoft Certified Solutions Experts (MCSE), Comptia Network+, Comptia Security+ and Project Management Professional (PMP).
"He kept to himself. He was unassuming and nothing out of the ordinary. He was focused on the curriculum. He would frequently visit the Haldirams restaurant next to our centre," said Hema Sharma,manager of Koenig Solutions.
Source:[The Times of India]

#OpAngola : Several Government Websites Taken Down By Anonymous

A total of 69 government websites have been taken down by Anonymous hackers in an anti-government protest.After the opposition leaders accused officials of being involved in the killing of political activist last year, Angolan started protesting on the street.Anonymous hackers joined the protest by launching DDOS attack on all the Angolan websites.All the websites listed in the list below are hardly available after this DDOS was launched.This has been published on the twitter account of an Anonymous hacker using the code name of AnOn_GyNiUs.

 List of websites attacked:[Click Here!]

706 Domains Seized By International Law Enforcement Agencies

10 foreign law enforcement agencies teamed with the  U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) to seize domain names that were illegally selling counterfeit merchandise online. A total of 706 domain names were seized. Those were set up to dupe customers into buying counterfeit goods as part of the holiday shopping season. 297 domain names were seized by US authorities, 393 by European authorities and 16 sites were taken down by Hong Kong Customs.
ICE Acting Director John Sandweg said, "Working with our international partners on operations like this shows the true global impact of IP crime,".. "Counterfeiters take advantage of the holiday season and sell cheap fakes to unsuspecting consumers everywhere. Consumers need to protect themselves, their families, and their personal financial information from the criminal networks operating these bogus sites."
Rob Wainwright, director of Europol said, "This operation is another good example of how transatlantic law enforcement cooperation works. It sends a signal to criminals that they should not feel safe anywhere,".."Unfortunately the economic downturn has meant that disposable income has gone down, which may tempt more people to buy products for prices that are too good to be true. Consumers should realize that, by buying these products, they risk supporting organized crime."

The domain names seized are now in the custody of the respective governments who took part in these operations. Visitors trying to visit these websites will find a banner which notifies them about the seizure.
More can be read from source [Here!]

Beware of Fake Royal Mail Email Containing Trojan

Experts from MX Lab intercepted a new Trojan distributing mail title as “Mail – Lost / Missing package” which is being sent from a spoofed mail address “Royal Mail Group”.The mail contains the following message, 
Mail – Lost / Missing package – UK Customs and Border Protection

    Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.

    Please fulfil the documents attached.
The attachment stated in the email is a ZIP file and contains a PDF document of 107kb named as, "RoyalMail_Report-ID-37846378962513415238471238476218736487123684.pdf". This PDF hides a Trojan downloader and once it is on a system, it creates a new process,adds itself to the Windows registry so that it stays persistent and changes the firewall settings.It is also capable of stealing credentials from FTP clients,collects information to fingerprint the system, performs HTTP requests and starts servers listening on on port 7748, on port 6023 and on port 0.
We advise our readers not to open files from untrusted emails and to update antivirus applications on your system.
Source:[Click Here!]

300 Websites Hacked By Indian Hacker Sn3aker

After defacing 70 websites last week, Indian hacker using the codename of Sn3aker defaced 300 websites this week. Among these, 3 of them are government websites.The hacker uploaded the same deface page on each of these websites.Sn3aker has been very active lately,before the last week attack on Thai websites, he defaced 10 Sri Lankan websites two weeks back.The full list of all the defaced websites has been provided below.
List of Defaced Website:[Click Here!]


Free counters!


MauriHackerS - Providing Latest IT Security and Hacking News !